Dashboard v2 Release

As a largely backend-based service, our main client-facing channel is our web-based dashboard. We have designed the dashboard with simplicity and ease of use in mind, and as such the app is still very much a MVP, without the bells and whistles you may be accustomed to seeing in other systems. While the system may appear to lack complexity, it certainly makes up for it in speed.

To celebrate the launch of the new dashboard, let’s take some time to walk you through the various new features we have added to improve your analysis workflow.

Here is a brief list of the new features, in no particular order:

  • Search for multiple files, using a mix of hashes or search modifiers
  • Download malware samples directly from the Search Results screen
  • Cater for security providers that fall outside of the core circle of antivirus vendors
  • Select and download (multiple) sample(s) from Search Results screen
  • Tags showing malware families and categories
  • List of antivirus engines is now sorted alphabetically in A-Z order
  • Alert-me function (hash subscription) notifying you when a hash arrives in DB
  • Fetch and upload a file from a URL
  • Notify when file upload & antivirus scan is complete
  • Extended file details with TrID and File Origin
  • Added file level tools (report issue, copy to cURL and scan change notification)
  • In-app notifications (updates and new features)
  • Sandbox integration (coming in Q1/2022)

Let’s summarize each of these features with a little more detail and visuals.

Search for multiple files, using a mix of hashes or search modifiers

Allows you to search for multiple files. You can either search by entering multiple hashes (can be a mix of md5, sha1 or sha256) or by using search modifiers. For example, you can search for these three files by entering them on a single line, separated by a space.

28b9b682b8f7b2a101cb4f8503826145
9c665b2ad53682c156e6f0a62d5d215eda5828ca
c8d54eac34afd28839ae109f0813ed54f21ee9d17a8ae54e5b12a11ec9250999

Alternatively, you can now also search by using various Search Modifiers:

  • detections: number of av detections
  • family: belongs to a malware family
  • hash: MD5/SHA1/SHA256 hash(es)
  • tag: has the following tag(s)
  • identity: has the following identity (malware, mobile, etc.)
  • date_after: first seen after this date (YYYY-MM-DD)
  • date_before: first seen before this date (YYYY-MM-DD)

For example, the search query:

family: generickd; date_after: 2021-11-01

will return all the files tagged as belonging to the “generickd” malware family that were first seen after November 1st, 2021.
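To make the two query forms above concrete, here is an added example (not part of the dashboard or its code) of a small parser that accepts either a whitespace-separated list of hashes or a semicolon-separated list of `modifier: value` clauses. The exact grammar (semicolon separators, comma-separated hash lists, digit-only `detections`) is an assumption for the example; the modifier names and the hash-type-by-length rule follow the list above.

```python
"""Parse the dashboard's search syntax into a dict of filters.

Two forms are accepted:
  1. A line of hashes separated by whitespace (md5, sha1, sha256 may be mixed).
  2. Clauses of the form `modifier: value`, separated by semicolons.
The separators and value formats below are assumptions made for this example.
"""
import re
from datetime import date

HEX_RE = re.compile(r"^[0-9a-fA-F]+$")
ISO_DATE_RE = re.compile(r"^\d{4}-\d{2}-\d{2}$")
# Hash type is inferred from hex length, as the dashboard does for mixed lists.
HASH_KINDS = {32: "md5", 40: "sha1", 64: "sha256"}
MODIFIERS = {"detections", "family", "hash", "tag", "identity",
             "date_after", "date_before"}


def classify_hash(token):
    """Return 'md5', 'sha1' or 'sha256' for a hex token of the right length, else None."""
    if HEX_RE.match(token) and len(token) in HASH_KINDS:
        return HASH_KINDS[len(token)]
    return None


def _parse_hash_list(value):
    """Split a hash list on commas/whitespace and reject anything that is not a hash."""
    result = []
    for token in re.split(r"[,\s]+", value.strip()):
        if not token:
            continue
        kind = classify_hash(token)
        if kind is None:
            raise ValueError(f"not an md5/sha1/sha256 hash: {token!r}")
        result.append((token.lower(), kind))
    return result


def parse_query(text):
    """Parse a query string. Raises ValueError on malformed input."""
    text = text.strip()
    if not text:
        raise ValueError("empty query")

    # Form 1: every whitespace-separated token is a hash.
    tokens = text.split()
    if all(classify_hash(t) for t in tokens):
        return {"hash": [(t.lower(), classify_hash(t)) for t in tokens]}

    # Form 2: `modifier: value` clauses separated by semicolons.
    filters = {}
    for clause in text.split(";"):
        clause = clause.strip()
        if not clause:
            continue
        if ":" not in clause:
            raise ValueError(f"expected 'modifier: value', got {clause!r}")
        key, value = (part.strip() for part in clause.split(":", 1))
        key = key.lower()
        if key not in MODIFIERS:
            raise ValueError(f"unknown search modifier {key!r}")
        if not value:
            raise ValueError(f"modifier {key!r} has no value")

        if key == "detections":
            if not value.isdigit():
                raise ValueError("detections must be a non-negative integer")
            filters[key] = int(value)
        elif key in ("date_after", "date_before"):
            # Require the literal YYYY-MM-DD shape before checking calendar validity;
            # date.fromisoformat alone is more lenient on newer Python versions.
            if not ISO_DATE_RE.match(value):
                raise ValueError(f"{key} must be YYYY-MM-DD")
            filters[key] = date.fromisoformat(value)
        elif key == "hash":
            filters[key] = _parse_hash_list(value)
        elif key == "family":
            filters[key] = value.lower()
        else:  # tag, identity: allow several comma-separated values
            filters[key] = [v.strip().lower() for v in value.split(",") if v.strip()]
    return filters


if __name__ == "__main__":
    # Queries taken from the release notes above.
    print(parse_query("family: generickd; date_after: 2021-11-01"))
    print(parse_query("28b9b682b8f7b2a101cb4f8503826145 "
                      "9c665b2ad53682c156e6f0a62d5d215eda5828ca"))
```

Rejecting unknown modifiers and non-hex “hashes” at parse time keeps malformed input from ever reaching a backend query, which is the check a practitioner would want in front of any search endpoint.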

From the Search Results, you can either download a single malware sample using the download icon in the Actions column, or download multiple files by checking the boxes in front of the desired files and clicking on the Download Selected Files button. Multiple files are combined and made available for download as a single file archive.

Tags showing malware families and categories

Tags are shown in the File Details screen, right under file name and hash. Malware family is indicated with red, other tags are shown as gray.

List of antivirus engines is now sorted alphabetically in A-Z order

In the Detections tab of the File Details screen, the list of antivirus engines is now sorted alphabetically in A-Z order, instead of reverse order.

Alert-me function (hash subscription) notifying you when a hash arrives in DB

When a user searches for a hash that is not found in our database, the system allows the user to set an alert (or a marker) for the system to generate a reminder if/when the desired hash gets added to our database at a later time. For example, let us do a search for “39a434d45cdd32094db9c2d474fdeff4”.

We see that at this point this file is not available in our database. Click on the “click here” link to add this hash to a wish list of files, or what we call “Hash Subscriptions”.

You will see a visual confirmation that “Subscription was created successfully”. When a file in your wish list arrives in our system, you will receive a notification email as shown below:

You can manage your wish list from the Hash Subscriptions screen, where you can also add hashes directly.

Fetch and upload a file from a URL

This is an addition to the File Upload screen. It allows you to fetch (and upload) a file directly from a remote location, instead of having to download the file first. It will “refang” defanged URLs. For example, let’s enter:

http[:]//103.153.78.60/68886/vbc.exe

The file is prepared for upload. Notice that the URL has been “refanged”. All you have to do now is press the Upload button for the system to fetch the file and upload it automatically. The system will notify you if the file no longer exists at that location.
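The “refang” step above turns a defanged URL back into a fetchable one. Below is an added example (not the dashboard's own implementation) of a refang routine together with its inverse, so that analysts can safely paste indicators in either direction. The set of defanging conventions handled (`hxxp`, `[:]`, `[.]`, `(.)`, `[dot]`, `[@]`) is an assumption for the example.

```python
"""Refang and defang URLs as commonly written in threat-intel reports.

The conventions handled here are an assumption for this example, not a
complete catalogue of every defanging style in use.
"""
import re
from urllib.parse import urlsplit, urlunsplit

# Scheme variants: hxxp://, hxxps://, http[:]//, https[://], hXXp:// ...
SCHEME_RE = re.compile(r"^h(?:xx|tt)p(s?)(?:\[:\]//|\[://\]|://)", re.IGNORECASE)
# Dot variants used to break up host names: [.], (.), {.}, [dot], (dot)
DOT_RE = re.compile(r"\[\.\]|\(\.\)|\{\.\}|\[dot\]|\(dot\)", re.IGNORECASE)


def refang(url):
    """Return a fetchable URL from a defanged one; plain URLs pass through unchanged."""
    s = url.strip()
    s = SCHEME_RE.sub(lambda m: "http" + m.group(1).lower() + "://", s)
    s = DOT_RE.sub(".", s)
    s = s.replace("[:]", ":")   # e.g. a defanged port, host[:]8080
    s = s.replace("[@]", "@")   # defanged credentials in the authority part
    return s


def defang(url):
    """Defang a plain URL: hxxp scheme and [.] in the host part only.

    The path and query are left alone so that file names stay readable.
    """
    parts = urlsplit(url)
    scheme = parts.scheme.lower().replace("http", "hxxp")  # https -> hxxps
    netloc = parts.netloc.replace(".", "[.]")
    return urlunsplit((scheme, netloc, parts.path, parts.query, parts.fragment))


if __name__ == "__main__":
    # The URL from the release notes above.
    sample = "http[:]//103.153.78.60/68886/vbc.exe"
    print(refang(sample))
    print(defang(refang(sample)))
```

Keeping `defang` confined to the host part, and `refang` tolerant of mixed conventions, makes the round trip `refang(defang(u)) == u` hold for ordinary URLs, which is a useful property to assert in any pipeline that stores or displays indicators.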

Notify when file upload & antivirus scan is complete

During busy times you can upload a file and switch to a different browser tab to continue your work – the system will notify you when the file has been uploaded and successfully scanned by placing a temporary notification (red dot) on the dashboard browser tab.

Extended file details with TrID and File Origin

Added TrID and File Origin to the File Details screen, with TrID being a much-requested feature from the initial dashboard release.

Added file level tools (Copy to cURL, Report Issue and Subscribe)

We have also added some customer requested features to the File Details screen. Copy to cURL copies the current file hash to an API call you can paste into a terminal. Report Issue allows you to send us a message about the file, for example to report a false positive. The Subscribe functionality here tags the file to report back when its scan status changes, i.e., when the file is detected by more engines.

In-app notifications (updates and new features)

Added an in-app notification service that pops up when updates or new features have been added to the service. We are using Headway App (https://headwayapp.co/) for this. Clicking the bell icon (top right of the screen) will show you a list of updates.

Clicking on an item will show you more detail.

You can always head over to our updates (https://headwayapp.co/vxintel-changelog) page on Headway to view the full list of updates.

Sandbox integration (coming in Q1/2022)

One feature that unfortunately did not make it into this version is the sandbox integration. Due to the complexity of the integration, we have decided to add the sandbox at a later time to allow more time for testing. We expect this to be some time late in Q1/2022.

That’s all for now! We will be adding additional tooling in v3 next year, but we hope you will like this new release in the meantime. If you have any questions, please feel free to ping us on support@vxintel.io.
